And so should the management system
The buck stops at the top boss' office, no matter what. In any management system, it's the responsibility of the manager to ensure their people are doing their job properly, even if that means paying to have external professionals check them out at times - that's what audits are all about.
Also, in any work situation, there are many management imposed restrictions via policies, funding, authority to act etc. At a university, it often requires top management approval before significant items, or parts of the IT system can be taken off line for any reason, or any changes of any type can be made. I know of one university where the IT people had to wait 7 months, until after the end of the scholastic year, before they were allowed to make an important change to the network, to improve security. Management policy was no changes during the scholastic year, for any reason.
If 90% of the IT dept needs changing, then it implies that there are significant cultural, structural, and policy problems within the IT dept, and that all comes back to the senior management (those above the IT managers) doing their job of corporate guidance properly.
In several educational organisations here in Australia, I've seen non IT people constrain IT operations as they were responsible for writing policies, and allocating funds. They issued policies that set out what software was to be used, based on their personal preferences and what deals they could get, not on the suitability for the intended purpose. Restrictions on what types of changes can be made, and when - often based on convenience not operational needs. Then they blame the IT staff for any performance problems created by those restrictions.
